white list for nas-ipaddress

Dimitrios Giannakopoulos d.giannakop at gmail.com
Tue Jul 28 21:19:55 CEST 2009


Hi Miranda
I use the same users file and authorization configuration (with sql)
and it works fine.


On Tue, Jul 28, 2009 at 9:28 PM, Miguel
Miranda<miguel.mirandag at gmail.com> wrote:
> Well, that is not the only NAS I have, the sql module is required for
> several other NAS and hotspot users...
>
> On Tue, Jul 28, 2009 at 12:25 PM, Dimitrios Giannakopoulos
> <d.giannakop at gmail.com> wrote:
>>
>> The problem is that the sql module returns reject
>> you can remove the sql from authorization
>>
>> On Tue, Jul 28, 2009 at 8:53 PM, Miguel
>> Miranda<miguel.mirandag at gmail.com> wrote:
>> > Hi, I want to accept all requests coming from a specific nas-ip-address,
>> > I used to configure it like this (in the users file):
>> >
>> > DEFAULT NAS-IP-Address == "192.168.150.25", Auth-Type := Accept
>> >                 Fall-Through = Yes
>> > The above settings are not working now, this is the debug of a transaction:
>> >
>> > rad_recv: Access-Request packet from host 192.168.150.25 port 1645, id=52, length=94
>> >         NAS-IP-Address = 192.168.150.25
>> >         NAS-Port = 108
>> >         NAS-Port-Type = Async
>> >         User-Name = "123.com.sv"
>> >         Called-Station-Id = "22660321"
>> >         Calling-Station-Id = "22264218"
>> >         User-Password = "cisco"
>> >         Service-Type = Dialout-Framed-User
>> > +- entering group authorize {...}
>> > ++[preprocess] returns ok
>> > ++[chap] returns noop
>> > ++[mschap] returns noop
>> > [suffix] No '@' in User-Name = "123.com.sv", looking up realm NULL
>> > [suffix] No such realm "NULL"
>> > ++[suffix] returns noop
>> > [eap] No EAP-Message, not doing EAP
>> > ++[eap] returns noop
>> > ++[files] returns noop
>> >         expand: %{User-Name} -> 123.com.sv
>> > [sql] sql_set_user escaped user --> '123.com.sv'
>> > rlm_sql (sql): Reserving sql socket id: 22
>> >         expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '123.com.sv' ORDER BY id
>> >         expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '123.com.sv' ORDER BY priority
>> > rlm_sql (sql): Released sql socket id: 22
>> > [sql] User 123.com.sv not found
>> > ++[sql] returns notfound
>> > ++[expiration] returns noop
>> > ++[logintime] returns noop
>> > [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
>> > ++[pap] returns noop
>> > No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
>> > Failed to authenticate the user.
>> > Login incorrect: [123.com.sv/cisco] (from client tigo port 108 cli 22264218)
>> > Using Post-Auth-Type Reject
>> > +- entering group REJECT {...}
>> >         expand: %{User-Name} -> 123.com.sv
>> >  attr_filter: Matched entry DEFAULT at line 11
>> > ++[attr_filter.access_reject] returns updated
>> > Delaying reject of request 1 for 1 seconds
>> > Going to the next request
>> >
>> >
>> > I'm using freeradius 2 and daloradius 0.9, and this is an extract of the relevant
>> > radius.conf settings:
>> >
>> > authorize {
>> >         preprocess
>> >         chap
>> >         mschap
>> >         suffix
>> >         eap {
>> >                 ok = return
>> >         }
>> >
>> >         files
>> >         sql
>> >         expiration
>> >         logintime
>> >         pap
>> > }
>> >
>> >
>> >
>> > authenticate {
>> >         Auth-Type PAP {
>> >                 pap
>> >         }
>> >
>> >         Auth-Type CHAP {
>> >                 chap
>> >         }
>> >
>> >         Auth-Type MS-CHAP {
>> >                 mschap
>> >         }
>> >         eap
>> > }
>> >
>> >
>> > preacct {
>> >         preprocess
>> >         acct_unique
>> >         suffix
>> >         files
>> > }
>> >
>> > accounting {
>> >         detail
>> >         sql
>> >         attr_filter.accounting_response
>> > }
>> >
>> >
>> > session {
>> >         radutmp
>> > }
>> >
>> >
>> > post-auth {
>> >
>> >         exec
>> >
>> >         Post-Auth-Type REJECT {
>> >                 attr_filter.access_reject
>> >         }
>> > }
>> >
>> > post-proxy {
>> >         eap
>> > }
>> >
>> >
>> > From the debug it appears that the users file is not being processed
>> > correctly, what should I check?
>> > regards
>> > Miguel Miranda
>> >
>> >
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >

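Added example, not part of the original thread: a small Python helper that reads `radiusd -X` style debug output like the trace quoted above, lists what each module in `authorize` returned, and reports why the request ended in a reject. The function names and the embedded sample (a constructed excerpt of the quoted debug lines) are assumptions made for this illustration.

```python
import re

# Constructed sample: authorize-phase lines taken from the debug output quoted above.
SAMPLE_DEBUG = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[suffix] returns noop
++[eap] returns noop
++[files] returns noop
[sql] User 123.com.sv not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
"""

GROUP_START = re.compile(r"^\+- entering group (\S+)")
MODULE_RESULT = re.compile(r"^\++\[([\w.]+)\] returns (\w+)$")

def trace_sections(debug_text):
    """Return {section: [(module, return_code), ...]} in processing order."""
    sections, current = {}, None
    for line in debug_text.splitlines():
        line = line.strip()
        m = GROUP_START.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
            continue
        m = MODULE_RESULT.match(line)
        if m and current is not None:
            current.append((m.group(1), m.group(2)))
    return sections

def diagnose(debug_text):
    """Summarise why a request was rejected, using only the debug lines."""
    authorize = dict(trace_sections(debug_text).get("authorize", []))
    findings = []
    if authorize.get("files") == "noop":
        findings.append("files: no users-file entry matched the request")
    if authorize.get("sql") == "notfound":
        findings.append("sql: user not found in the SQL tables")
    if "No authenticate method (Auth-Type)" in debug_text:
        findings.append("no module set Auth-Type, so the request was rejected")
    return findings
```

On the quoted trace this reports all three findings: `files` matched nothing, `sql` did not find the user, and no module set an Auth-Type before the authenticate phase.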


